A database (or a “DB” for short) is a computerized tool for storing digital data in an orderly manner. A database is often physically stored in a memory which allows direct access to data, such as a magnetic hard drive or a flash memory device. Access to the data is usually performed using designated software, often referred to as a “database management system” (DBMS), usually coupled to the database itself and sometimes considered as a part of the term “database”.
Databases are a common target of intrusions and attacks involving theft and damage of data. Some types of attacks are often considered to be relatively hard to detect and defend against. Examples of such attacks are “privilege escalation” and “SQL (Structured Query Language) injection” attacks.
A privilege escalation attack usually involves exploitation of a loophole in an application associated with a database or in the database itself, in order to gain access to resources which normally would have been protected from the application or from a user. The result is that actions with higher security rights than intended are performed in the database.
An SQL injection attack is often defined as a technique that exploits security vulnerabilities occurring in the database layer of applications. The vulnerability is present when user input is manipulated in a way that causes it to be incorrectly executed by the database. SQL injection may be, in fact, an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
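The vulnerability described above can be seen by comparing a query built by string concatenation with the same query using a bound parameter. This is an added example, not part of the application text; the `accounts` table, the function names, the sample rows and the crafted input are all constructed for illustration, and Python's standard `sqlite3` module stands in for the database layer.

```python
import sqlite3

def make_db():
    # Constructed sample data, not taken from the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 75)])
    return conn

def lookup_concatenated(conn, owner):
    # Vulnerable: the input becomes part of the SQL text, so the database
    # parses any quote characters in it as SQL syntax.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_bound(conn, owner):
    # Hardened: the statement text is fixed; the input is passed as a bound
    # parameter and is only ever compared as a string value.
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

def looks_tampered(rows, owner):
    # Application-side sanity check: a lookup by owner must never return
    # rows that belong to anyone else.
    return any(row[0] != owner for row in rows)

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    for fn in (lookup_concatenated, lookup_bound):
        for value in ("alice", crafted):
            rows = fn(conn, value)
            print(fn.__name__, repr(value), rows, looks_tampered(rows, value))
```

With ordinary input both functions return the same single row; only the concatenated form changes its result set when the input contains quote characters, which is the condition the row-ownership check flags.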
Applicant's U.S. Published Application No. 2007/0204342, entitled “Device, System and Method of Database Security”, discloses a database intrusion detection sensor. Applicant's U.S. Provisional Application No. 60/982,467, entitled “Database End-User Identifier”, discloses a system and a method for relaying information pertaining to a user of an application server to a database associated with the application server.